Security News for the Week Ending April 15, 2022
Cyber Command Says Chip Shortage is a National Security Issue
The head of U.S. Cyber Command, General Paul Nakasone, told Congress that China’s continued progress towards domestic chip production is a problem. If China achieves chip independence, that puts them in a position to do what they want and not worry about sanctions. For example, they could cut off our access to precious metals that we need to produce chips ourselves. Credit: Cyber Scoop
Russian Crooks Worried Sanctions Will Delete Their Ill-Gotten Gains
Russian crooks are nothing if not capitalists. They are worried that sanctions could impact their net worth and they are chattering about that on the underground web. They are worried about funds in Russian banks and how much their Rubles might not be worth in six months. I am so sad for them. Not. Of course, that might mean the Russian mob might do some kinetic adjustments themselves. Credit: Cyber News
CISA Advises D-Link Users to Take Vulnerable Routers Offline
CISA is really rocking when it comes to telling folks about bad stuff. The newest vulnerabilities are a remote code execution on a whole family of D-Link routers. Unfortunately, they have reached their end of support, so D-Link not going to fix them. Users all the time ask why they have to replace working hardware that has reached end of life. The answer is because you want to keep the bad guys out. If you don’t care, keep using them. You can rest easy that the hackers are scanning the Internet looking for these routers – that will never be patched. Credit: Malware Bytes
New Bug in MS RPC Runtime – Zero-Click Remote Code Execution
CVE 2022-26809 has emerged just a couple of days after patch Tuesday. It is a remotely exploitable, unauthenticated, zero-click (no user interaction) remote code execution bug. It doesn’t get much worse than that. The bug is in the Microsoft Remote Procedure Call runtime and affects multiple Windows versions. If you block port 445 at your firewall (both in and out, which you should), that will stop direct external attacks, but it won’t stop attacks from a compromised workstation. Credit: Helpnet Security
Reminder: 3G Cell Networks Shutting Down. Old Devices Will Stop Working
Wireless spectrum is scarce. Buying it from someone else is very expensive. What are the carriers doing? Reusing old spectrum. The carriers have already shut down their 2G networks. Next comes their 3G networks. That means that old cars that talk to the Internet will stop talking. Alarm systems will stop sending alarms if they can only talk 3G (there may be a box that your alarm company can add to your system to fix this). Medical devices may stop talking to your doctor. Depending on the carrier, the shutdown has already begun. AT&T turned theirs off in February. Verizon is at the end of the year. If you have anything that uses the cell network, now is the time to check. Credit: ZDNet